Ramakrishna, Perhaps there is something not right with your client application config? Is it running on https://192.168.111.118:8443 or is that CAS?
Multiple service tickets in the URL suggests that the request is being redirected to CAS multiple times. Ray On Fri, 2018-01-26 at 16:49 +0530, Ramakrishna G wrote: Hi , Now I think I resolved certificate issue. But I am getting this error [Fri Jan 26 16:22:24.270308 2018] [authz_core:debug] [pid 19878] mod_authz_core.c(809): [client 192.168.111.118:62974<http://192.168.111.118:62974>] AH01626: authorization result of Require valid-user : denied (no authenticated user yet) [Fri Jan 26 16:22:24.270359 2018] [authz_core:debug] [pid 19878] mod_authz_core.c(809): [client 192.168.111.118:62974<http://192.168.111.118:62974>] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet) [Fri Jan 26 16:22:24.270390 2018] [auth_cas:debug] [pid 19878] mod_auth_cas.c(2076): [client 192.168.111.118:62974<http://192.168.111.118:62974>] Entering cas_authenticate() [Fri Jan 26 16:22:24.270415 2018] [auth_cas:debug] [pid 19878] mod_auth_cas.c(656): [client 192.168.111.118:62974<http://192.168.111.118:62974>] Modified r->args (now 'ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client') [Fri Jan 26 16:22:24.270486 2018] [auth_cas:debug] [pid 19878] mod_auth_cas.c(1779): [client 192.168.111.118:62974<http://192.168.111.118:62974>] entering getResponseFromServer() [Fri Jan 26 16:22:24.270617 2018] [auth_cas:debug] [pid 19878] mod_auth_cas.c(584): [client 192.168.111.118:62974<http://192.168.111.118:62974>] CAS Service 'https%3a%2f%2f192.168.111.118%3a8443%2f%3fticket%3dST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client%26ticket%3dST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client' [Fri Jan 26 16:22:24.479223 2018] [auth_cas:debug] [pid 19878] mod_auth_cas.c(1856): [client 192.168.111.118:62974<http://192.168.111.118:62974>] Validation response: <!doctype html><html lang="en"><head><title>HTTP Status 406 \xe2\x80\x93 Not Acceptable</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name<http://a.name> {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 406 \xe2\x80\x93 Not Acceptable</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Description</b> The target resource does not have a current representation that would be acceptable to the user agent, according to the proactive negotiation header fields received in the request, and the server is unwilling to supply a default representation.</p><hr class="line" /><h3>Apache Tomcat/8.5.24</h3></body></html> [Fri Jan 26 16:22:24.479448 2018] [auth_cas:debug] [pid 19878] mod_auth_cas.c(1440): [client 192.168.111.118:62974<http://192.168.111.118:62974>] entering isValidCASTicket() [Fri Jan 26 16:22:24.479470 2018] [auth_cas:debug] [pid 19878] mod_auth_cas.c(1446): [client 192.168.111.118:62974<http://192.168.111.118:62974>] MOD_AUTH_CAS: response = <!doctype html><html lang="en"><head><title>HTTP Status 406 \xe2\x80\x93 Not Acceptable</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name<http://a.name> {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 406 \xe2\x80\x93 Not Acceptable</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Description</b> The target resource does not have a current representation that would be acceptable to the user agent, according to the proactive negotiation header fields received in the request, and the server is unwilling to supply a default representation.</p><hr class="line" /><h3>Apache Tomcat/8.5.24</h3></body></html> [Fri Jan 26 16:22:24.479581 2018] [auth_cas:error] [pid 19878] [client 192.168.111.118:62974<http://192.168.111.118:62974>] MOD_AUTH_CAS: error parsing CASv2 response: XML parser error code: syntax error (2) [Fri Jan 26 16:22:24.523966 2018] [authz_core:debug] [pid 19205] mod_authz_core.c(809): [client 192.168.111.118:62976<http://192.168.111.118:62976>] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.524008 2018] [authz_core:debug] [pid 19205] mod_authz_core.c(809): [client 192.168.111.118:62976<http://192.168.111.118:62976>] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.524022 2018] [auth_cas:debug] [pid 19205] mod_auth_cas.c(2076): [client 192.168.111.118:62976<http://192.168.111.118:62976>] Entering cas_authenticate(), referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.524042 2018] [auth_cas:debug] [pid 19205] mod_auth_cas.c(584): [client 192.168.111.118:62976<http://192.168.111.118:62976>] CAS Service 'https%3a%2f%2f192.168.111.118%3a8443%2ffavicon.ico', referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.524049 2018] [auth_cas:debug] [pid 19205] mod_auth_cas.c(532): [client 192.168.111.118:62976<http://192.168.111.118:62976>] entering getCASLoginURL(), referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.524058 2018] [auth_cas:debug] [pid 19205] mod_auth_cas.c(509): [client 192.168.111.118:62976<http://192.168.111.118:62976>] entering getCASGateway(), referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.524065 2018] [auth_cas:debug] [pid 19205] mod_auth_cas.c(599): [client 192.168.111.118:62976<http://192.168.111.118:62976>] entering redirectRequest(), referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.524072 2018] [auth_cas:debug] [pid 19205] mod_auth_cas.c(611): [client 192.168.111.118:62976<http://192.168.111.118:62976>] Adding outgoing header: Location: https://192.168.111.118:8443/cas/login?service=https%3a%2f%2f192.168.111.118%3a8443%2ffavicon.ico, referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.565945 2018] [authz_core:debug] [pid 19201] mod_authz_core.c(809): [client 192.168.111.118:62978<http://192.168.111.118:62978>] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.565996 2018] [authz_core:debug] [pid 19201] mod_authz_core.c(809): [client 192.168.111.118:62978<http://192.168.111.118:62978>] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.566012 2018] [auth_cas:debug] [pid 19201] mod_auth_cas.c(2076): [client 192.168.111.118:62978<http://192.168.111.118:62978>] Entering cas_authenticate(), referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.566026 2018] [auth_cas:debug] [pid 19201] mod_auth_cas.c(656): [client 192.168.111.118:62978<http://192.168.111.118:62978>] Modified r->args (now ''), referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.566104 2018] [auth_cas:debug] [pid 19201] mod_auth_cas.c(1779): [client 192.168.111.118:62978<http://192.168.111.118:62978>] entering getResponseFromServer(), referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.566245 2018] [auth_cas:debug] [pid 19201] mod_auth_cas.c(584): [client 192.168.111.118:62978<http://192.168.111.118:62978>] CAS Service 'https%3a%2f%2f192.168.111.118%3a8443%2ffavicon.ico', referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.731155 2018] [auth_cas:debug] [pid 19201] mod_auth_cas.c(1856): [client 192.168.111.118:62978<http://192.168.111.118:62978>] Validation response: <!doctype html><html lang="en"><head><title>HTTP Status 406 \xe2\x80\x93 Not Acceptable</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name<http://a.name> {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 406 \xe2\x80\x93 Not Acceptable</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Description</b> The target resource does not have a current representation that would be acceptable to the user agent, according to the proactive negotiation header fields received in the request, and the server is unwilling to supply a default representation.</p><hr class="line" /><h3>Apache Tomcat/8.5.24</h3></body></html>, referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.731389 2018] [auth_cas:debug] [pid 19201] mod_auth_cas.c(1440): [client 192.168.111.118:62978<http://192.168.111.118:62978>] entering isValidCASTicket(), referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.731411 2018] [auth_cas:debug] [pid 19201] mod_auth_cas.c(1446): [client 192.168.111.118:62978<http://192.168.111.118:62978>] MOD_AUTH_CAS: response = <!doctype html><html lang="en"><head><title>HTTP Status 406 \xe2\x80\x93 Not Acceptable</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name<http://a.name> {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 406 \xe2\x80\x93 Not Acceptable</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Description</b> The target resource does not have a current representation that would be acceptable to the user agent, according to the proactive negotiation header fields received in the request, and the server is unwilling to supply a default representation.</p><hr class="line" /><h3>Apache Tomcat/8.5.24</h3></body></html>, referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client [Fri Jan 26 16:22:24.731538 2018] [auth_cas:error] [pid 19201] [client 192.168.111.118:62978<http://192.168.111.118:62978>] MOD_AUTH_CAS: error parsing CASv2 response: XML parser error code: syntax error (2), referer: https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client Can you pls help. On Thu, Jan 25, 2018 at 11:04 PM, Ramakrishna G <[email protected]<mailto:[email protected]>> wrote: Hi David, As suggested I enabled Debug Mode. Error what I got to.. [Thu Jan 25 17:53:01.512443 2018] [ssl:info] [pid 28180] SSL Library Error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request -- speaking HTTP to HTTPS port!? [Thu Jan 25 17:53:01.940036 2018] [ssl:info] [pid 28181] [client 192.168.111.84:62057<http://192.168.111.84:62057>] AH01964: Connection to child 1 established (server 192.168.111.12:443<http://192.168.111.12:443>) [Thu Jan 25 17:53:01.940406 2018] [ssl:info] [pid 28181] [client 192.168.111.84:62057<http://192.168.111.84:62057>] AH01996: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page [Thu Jan 25 17:53:01.940458 2018] [ssl:info] [pid 28181] SSL Library Error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request -- speaking HTTP to HTTPS port!? [Thu Jan 25 17:53:13.796431 2018] [ssl:info] [pid 28182] [client 192.168.111.84:62058<http://192.168.111.84:62058>] AH01964: Connection to child 2 established (server 192.168.111.12:443<http://192.168.111.12:443>) [Thu Jan 25 17:53:13.796782 2018] [ssl:debug] [pid 28182] ssl_engine_io.c(1202): (70014)End of file found: [client 192.168.111.84:62058<http://192.168.111.84:62058>] AH02007: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] [Thu Jan 25 17:53:13.796815 2018] [ssl:info] [pid 28182] [client 192.168.111.84:62058<http://192.168.111.84:62058>] AH01998: Connection closed to child 2 with abortive shutdown (server 192.168.111.12:443<http://192.168.111.12:443>) ~ LoadModule auth_cas_module modules/mod_auth_cas.so CASCookiePath /var/cache/mod_auth_cas/ CASCertificatePath /etc/ssl/certs/ CASLoginURL https://192.168.111.12:9443/cas/login CASRootProxiedAs https://192.168.111.12 CASValidateURL https://192.168.111.12:9443/cas/serviceValidate #CASProxyValidateURL https://192.168.111.12:9443/cas/proxyValidate CASDebug On LogLevel debug CASValidateSAML On CASVersion 2 #CASValidateServer off #CASAllowWildcardCert off CASTimeout 86400 CASIdleTimeout 7200 CASSSOEnabled On #LogLevel debug <VirtualHost *:80> DocumentRoot "/var/www/html/" ServerName 192.168.111.12 CASValidateSAML On LogLevel debug ErrorLog /var/log/cas_error_log CustomLog /var/log/cas_access_log combined # Other directives here #AuthType CAS #require valid-user </VirtualHost> <directory /var/www/html> AllowOverride Order allow,deny Allow from all Authtype CAS require valid-user Allow from env=no_cas_use #Satisfy Any # require cas-attribute edupersonaffiliation:staff </directory> What am I missing? Thankyou Ramakrishna On Thu, Jan 25, 2018 at 10:45 PM, David Hawes <[email protected]<mailto:[email protected]>> wrote: On 23 January 2018 at 08:52, Ramakrishna G <[email protected]<mailto:[email protected]>> wrote: > Unauthorized > > This server could not verify that you are authorized to access the document > requested. Either you supplied the wrong credentials (e.g., bad password), > or your browser doesn't understand how to supply the credentials required. > > > Ticket is generated but says the above error. I am using mod_auth_cas in > Apache server. Set: LogLevel debug CASDebug On and check your error logs. You should have information as to why you get this error. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:cas-user%[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wCcoYC-Sg4V3dE6hOxi-0QqiaJWm44xo9PuDhAt%2Br8wxA%40mail.gmail.com. -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected] -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1517332929.1782.33.camel%40uvic.ca.
